<?php
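	// Dispatch the "JO_query" action: account_login, account_logout or account_signin.
	// The action name is taken from $_REQUEST (GET or POST); the form fields from $_POST only.
	// NOTE(review): nothing here checks a CSRF token, and a plain GET link is enough to
	// trigger account_logout — confirm whether the surrounding framework covers that.
	$s_JO_query = isset($_REQUEST["JO_query"]) ? $_REQUEST["JO_query"] : null;

	if ($s_JO_query === "account_login") {
		// Legacy pre-escaping of the user name. It is NOT SQL-safe on its own: the backslash
		// is missing from the list, so an input of  \'  reaches the query as  \\'  — an
		// escaped backslash followed by a live quote. Real quoting has to happen where the
		// statement is assembled (indexController); the call is kept so the value handed
		// over is unchanged. The password is passed through untouched, as before.
		$s_account = isset($_POST["JO_txtusernamei"]) ? addcslashes($_POST["JO_txtusernamei"], "%_',*&$#@!") : "";
		$s_pass    = isset($_POST["JO_txtpasswordi"]) ? $_POST["JO_txtpasswordi"] : "";

		$rs_result = indexController::JO_account_login($s_account, $s_pass);

		// A failed query (false instead of a result set) is treated like a wrong password
		// rather than blowing up on ->num_rows.
		if ($rs_result && $rs_result->num_rows > 0) {
			$row = $rs_result->fetch_array();

			// Issue a fresh session id on login so an id planted before authentication
			// (session fixation) does not become an authenticated one. Only possible when a
			// session is already active; session_start() is expected to have run earlier in
			// the request (the call here was commented out).
			if (session_id() !== "") {
				session_regenerate_id(true);
			}

			// session_register() was removed in PHP 5.4 and is a fatal error there; the
			// $_SESSION assignments below are all that newer versions need.
			if (function_exists("session_register")) {
				session_register("JO_account_id");
				session_register("JO_account_name");
				session_register("JO_account_authority");
			}

			$_SESSION["JO_account_id"]        = $row["key"];
			// The name is stored HTML-encoded (see account_signin) and decoded here, so
			// whatever prints $_SESSION["JO_account_name"] must escape it again.
			$_SESSION["JO_account_name"]      = html_entity_decode($row["name"], ENT_QUOTES, "UTF-8");
			$_SESSION["JO_account_authority"] = $row["authority"];
			$_SESSION["JO_account_mail"]      = $row["mail"];
			// Hard-coded placeholder avatar (plain http, third-party host) — unchanged.
			$_SESSION["JO_account_avatar"]    = "http://profile.ak.fbcdn.net/hprofile-ak-snc4/70692_100001062749063_7438182_n.jpg";

			JO_location();
		} else {
			echo "<script>alert('Bạn đã nhập sai tài khoản hoăc mật khẩu');</script>";
			JO_location();
		}

	} elseif ($s_JO_query === "account_logout") {
		// Drop the in-memory copy as well as the server-side store, so nothing in
		// $_SESSION survives for the rest of this request; skip session_destroy() when no
		// session is active (it warns in that case).
		$_SESSION = array();
		if (session_id() !== "") {
			session_destroy();
		}
		JO_location();

	} elseif ($s_JO_query === "account_signin") {
		$s_account = isset($_POST["txt_account"]) ? $_POST["txt_account"] : "";

		// Reject user names containing any of these characters. The previous loop indexed
		// one past the end of the list; on PHP 8 that yields "" and strpos() with an empty
		// needle returns 0, so every registration was rejected. strpbrk() tests the whole
		// list in one call.
		$specialChar = "`&><,.?/".'"'."'";
		if (strpbrk($s_account, $specialChar) !== false) {
			exit("<script>alert('Tên tài khoản không chứa ký tự đặc biệt `, &, >, <, ., ?,/,\", \'');</script>");
		}

		$s_pass    = isset($_POST["txt_password"]) ? $_POST["txt_password"] : "";
		// Free-text fields are stored HTML-encoded (encode-on-input); the login path decodes
		// the name again when it goes into the session.
		$s_name    = htmlentities(isset($_POST["txt_name"]) ? $_POST["txt_name"] : "", ENT_QUOTES, "UTF-8");
		// NOTE(review): e-mail and sex are passed through without validation — tighten once
		// the accepted values are known.
		$s_email   = isset($_POST["txt_email"]) ? $_POST["txt_email"] : "";
		$s_sex     = isset($_POST["cb_sex"]) ? $_POST["cb_sex"] : "";
		$s_phone   = htmlentities(isset($_POST["txt_phone"]) ? $_POST["txt_phone"] : "", ENT_QUOTES, "UTF-8");
		$s_address = htmlentities(isset($_POST["txt_address"]) ? $_POST["txt_address"] : "", ENT_QUOTES, "UTF-8");

		// The three select-box values are only accepted as digit strings; anything else
		// yields "" (which the controller turns into NULL) instead of an arbitrary string
		// being spliced into a DATE literal.
		$a_birth_parts = array(
			isset($_POST["cb_birth_year"])  ? $_POST["cb_birth_year"]  : "",
			isset($_POST["cb_birth_month"]) ? $_POST["cb_birth_month"] : "",
			isset($_POST["cb_birth_day"])   ? $_POST["cb_birth_day"]   : "",
		);
		$b_birth_ok = true;
		foreach ($a_birth_parts as $s_part) {
			if (!is_string($s_part) || preg_match('/\A[0-9]+\z/', $s_part) !== 1) {
				$b_birth_ok = false;
				break;
			}
		}
		$s_birth = $b_birth_ok ? implode("-", $a_birth_parts) : "";

		$i_result = indexController::JO_account_insert($s_account,
														$s_pass,
														$s_name,
														$s_email,
														$s_sex,
														$s_phone,
														$s_address,
														$s_birth);
		// Loose comparison kept on purpose: the return type of executeNoneSQL() is not
		// visible here (it may be a row count or a bool).
		if ($i_result == 1) {
			echo "<script>alert('Bạn đã đăng ký thành công.');</script>";
		} else {
			echo "<script>alert('Quá trình đăng ký thất bại.');</script>";
		}
		JO_location();
	}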
?>
<?php
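class indexController{

	/**
	 * Quote a value for direct interpolation into an SQL string literal.
	 *
	 * Every value reaching the CALL statements below comes from $_POST and used to be
	 * concatenated unescaped, so a single quote in the password field rewrote the query.
	 * DataProvider only exposes a string-based execute, so the escaping has to happen
	 * here. The replacement list mirrors what mysql_real_escape_string() does
	 * (\, NUL, \n, \r, ', ", \x1a) and is only sound for single-byte or UTF-8 connection
	 * charsets — NOTE(review): confirm the connection is not GBK/BIG5/SJIS.
	 * TODO(review): replace with a prepared statement as soon as DataProvider offers one;
	 * this is a mitigation, not a substitute.
	 *
	 * @param mixed $s_value raw value (cast to string)
	 * @return string the escaped value wrapped in single quotes
	 */
	public static function JO_sql_quote($s_value){
		$s_escaped = str_replace(
			array("\\",   "\0",  "\n",  "\r",  "'",   "\"",   "\x1a"),
			array("\\\\", "\\0", "\\n", "\\r", "\\'", "\\\"", "\\Z"),
			(string)$s_value
		);
		return "'".$s_escaped."'";
	}

	/**
	 * Like JO_sql_quote(), but falsy values become the SQL keyword NULL.
	 *
	 * Keeps the original truthiness rule: "", null AND the string "0" all map to NULL.
	 *
	 * @param mixed $s_value raw value
	 * @return string quoted literal or "NULL"
	 */
	public static function JO_sql_quote_or_null($s_value){
		return $s_value ? self::JO_sql_quote($s_value) : "NULL";
	}

	/**
	 * Run the JO_account_login stored procedure for a user name / password pair.
	 *
	 * The procedure receives the password both as typed and as its MD5 digest.
	 * NOTE(review): that presumably means some rows are still compared in plaintext —
	 * confirm against the procedure body. MD5 is unsalted and trivially brute-forced; the
	 * target should be password_hash()/password_verify() with the comparison done in PHP.
	 * The digest is kept here because the procedure's contract depends on it.
	 *
	 * The caller in this file still pre-escapes the user name with addcslashes(); now that
	 * quoting is done here that call should be dropped, otherwise \, $, #, @, !, * in a
	 * user name arrive doubly escaped.
	 *
	 * @param string $s_account user name as submitted
	 * @param string $s_pass    password as submitted
	 * @return mixed whatever DataProvider::executeSQL() returns (used by the caller as a
	 *               result set with ->num_rows / ->fetch_array(), presumably mysqli_result)
	 */
	public static function JO_account_login($s_account,$s_pass){
		$s_pass_md5 = md5($s_pass);

		$s_SQLCommand = "call JO_account_login(
								".self::JO_sql_quote($s_account).",
								".self::JO_sql_quote($s_pass).",
								".self::JO_sql_quote($s_pass_md5)."
							);";

		return DataProvider::executeSQL($s_SQLCommand);
	}

	/**
	 * Run the JO_account_insert stored procedure to create an account.
	 *
	 * Only the MD5 digest of the password is stored (see the hashing note on
	 * JO_account_login). Optional fields (sex, phone, address, birth) are sent as NULL
	 * when falsy, including the string "0" — existing behaviour, kept.
	 *
	 * @param string $s_account user name (caller filters a few special characters)
	 * @param string $s_pass    password as submitted
	 * @param string $s_name    display name (caller HTML-encodes it)
	 * @param string $s_email   e-mail, not validated by the caller
	 * @param string $s_sex     sex/gender value, not validated by the caller
	 * @param string $s_phone   phone (caller HTML-encodes it)
	 * @param string $s_address address (caller HTML-encodes it)
	 * @param string $s_birth   "Y-m-d" built by the caller, or "" for none
	 * @return mixed whatever DataProvider::executeNoneSQL() returns (caller compares it to 1)
	 */
	public static function JO_account_insert($s_account, $s_pass, $s_name, $s_email, $s_sex, $s_phone, $s_address,$s_birth){
		$s_pass_md5 = md5($s_pass);

		$s_SQLCommand = "call JO_account_insert(
								".self::JO_sql_quote($s_account).",
								".self::JO_sql_quote($s_pass_md5).",
								".self::JO_sql_quote($s_name).",
								".self::JO_sql_quote($s_email).",
								".self::JO_sql_quote_or_null($s_sex).",
								".self::JO_sql_quote_or_null($s_phone).",
								".self::JO_sql_quote_or_null($s_address).",
								".self::JO_sql_quote_or_null($s_birth)."
							);";

		return DataProvider::executeNoneSQL($s_SQLCommand);
	}
}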
?>